Sources say the attack was first launched on black Friday, one of busiest shopping days of the year.
Reuters

A Target spokeswoman confirmed on Friday that PIN information was also stolen in the massive data breach that affected 40 million shoppers.

The thieves were able to swipe the PIN numbers along with credit and debit card information from shoppers. But the spokeswoman said that the data was encrypted and can only be accessed using a code from separated system that was not hacked, reports Gawker.

"We remain confident that PIN numbers are safe and secure," Target spokeswoman Molly Snyder said in a statement. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

The retailer initially said that no PIN information had been compromised when news of the data breach first broke. But the revelation that PIN information was also accessed is an additional blow to the company. And the New York Times reports that hackers have been known to decode encrypted PIN information with technology used to capture the information.

News of the breach first broke on Dec. 18 in a post on KrebsOnSecurity.com, a website created by computer-security expert and former Washington Post reporter Brian Krebs. It is believed that the breach occurred right after Thanksgiving and continued to as recently as Dec. 15. The breach involved virtually all of Target’s 1,797 U.S. stores, according to sources at two credit-card issuers.